cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10308,https://securityvulnerability.io/vulnerability/CVE-2024-10308,Jeg Elementor Kit Plugin Vulnerable to Stored Cross-Site Scripting,"The Jeg Elementor Kit plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability through its JKit - Countdown widget. This flaw arises from inadequate sanitization of user input and insufficient output escaping for attributes provided by users. Consequently, authenticated attackers with contributor-level access can exploit this vulnerability to inject arbitrary web scripts into pages, which are executed each time a user accesses the compromised page. This risk emphasizes the importance of secure coding practices and regular vulnerability assessments for WordPress plugins.",Wordpress,Jeg Elementor Kit,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-11-26T11:04:30.982Z,0
CVE-2024-8899,https://securityvulnerability.io/vulnerability/CVE-2024-8899,Sensitive Information Exposure Vulnerability Affects Jeg Elementor Kit Plugin,"The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the render_content function in class/elements/views/class-tabs-view.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.",Wordpress,Jeg Elementor Kit,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-11-26T11:04:30.428Z,0
CVE-2024-6804,https://securityvulnerability.io/vulnerability/CVE-2024-6804,Arbitrary Script Injection Vulnerability in Jeg Elementor Kit Plugin,"The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.",Wordpress,Jeg Elementor Kit,5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-08-27T06:48:03.530Z,0
CVE-2024-4479,https://securityvulnerability.io/vulnerability/CVE-2024-4479,Stored Cross-Site Scripting Vulnerability in Jeg Elementor Kit Plugin,"The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sg_general_toggle_tab_enable and sg_accordion_style attributes within the plugin's JKit - Tabs and JKit - Accordion widget, respectively, in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Jeg Elementor Kit,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2024-06-15T02:15:00.000Z,0
CVE-2024-3161,https://securityvulnerability.io/vulnerability/CVE-2024-3161,Stored Cross-Site Scripting Vulnerability in Jeg Elementor Kit Plugin,"The Jeg Elementor Kit plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping in the countdown widget's attributes. This flaw potentially allows authenticated attackers with contributor access or higher to inject arbitrary scripts into pages. Consequently, these scripts execute whenever a user accesses the compromised page, posing grave security risks and threats to both site integrity and user safety.",Wordpress,Jeg Elementor Kit,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-05-02T16:52:02.521Z,0
CVE-2024-3819,https://securityvulnerability.io/vulnerability/CVE-2024-3819,Stored Cross-Site Scripting Vulnerability in Jeg Elementor Kit Plugin for WordPress,"The Jeg Elementor Kit plugin for WordPress is susceptible to Stored Cross-Site Scripting (XSS) attacks via the JKit - Banner widget. This vulnerability arises from inadequate input sanitization and output escaping concerning user-supplied attributes. Authenticated attackers with contributor-level access or higher can exploit this flaw to inject malicious scripts into web pages, which can be executed when users visit the compromised pages. This situation poses significant risks, allowing attackers to manipulate website content and potentially compromise user data.",Wordpress,Jeg Elementor Kit,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-05-02T16:52:01.563Z,0
CVE-2024-0334,https://securityvulnerability.io/vulnerability/CVE-2024-0334,Stored Cross-Site Scripting Vulnerability in Jeg Elementor Kit Plugin for WordPress,"The Jeg Elementor Kit plugin for WordPress contains a vulnerability that allows for Stored Cross-Site Scripting (XSS) attacks. Specifically, this issue arises from insufficient input sanitization and output escaping on user-supplied attributes within several Elementor widgets. Authenticated attackers with contributor-level access and higher can exploit this vulnerability to inject arbitrary web scripts into pages. These scripts will then execute whenever a user accesses the infected pages, potentially compromising user information and site integrity.",Wordpress,Jeg Elementor Kit,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-01T12:46:30.555Z,0
CVE-2024-1327,https://securityvulnerability.io/vulnerability/CVE-2024-1327,Stored Cross-Site Scripting Vulnerability in Jeg Elementor Kit Plugin,"The Jeg Elementor Kit plugin for WordPress contains a Stored Cross-Site Scripting (XSS) vulnerability that affects all versions up to and including 2.6.3. This vulnerability arises due to inadequate input sanitization and output escaping in the plugin's image box widget. Authenticated users with contributor-level permissions or higher can exploit this flaw to inject arbitrary web scripts into pages, which can be executed when other users access these compromised pages. This can result in various security issues, ranging from unauthorized data access to complete control over affected sites.",Wordpress,Jeg Elementor Kit,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-03T03:15:00.000Z,0
CVE-2024-3162,https://securityvulnerability.io/vulnerability/CVE-2024-3162,Stored Cross-Site Scripting Vulnerability in Jeg Elementor Kit Plugin,"The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget Attributes in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-32721 is likely a duplicate of this issue.",Wordpress,Jeg Elementor Kit,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-03T03:15:00.000Z,0
CVE-2024-1326,https://securityvulnerability.io/vulnerability/CVE-2024-1326,Stored Cross-Site Scripting Vulnerability in Jeg Elementor Kit Plugin for WordPress,"The Jeg Elementor Kit plugin for WordPress contains a vulnerability that allows authenticated users with contributor-level permissions and above to exploit stored cross-site scripting. This occurs due to insufficient sanitization of HTML tag attributes, which enables attackers to inject arbitrary scripts into pages. These scripts execute each time a user accesses the compromised page, potentially leading to unauthorized actions or data exposure.",Wordpress,Jeg Elementor Kit,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-03-21T02:51:00.000Z,0
CVE-2022-3794,https://securityvulnerability.io/vulnerability/CVE-2022-3794,Authorization Bypass in Jeg Elementor Kit Plugin for WordPress,"The Jeg Elementor Kit plugin for WordPress contains a vulnerability that allows authenticated users to bypass authorization checks due to insecure AJAX actions in versions up to 2.5.6. Because the plugin does not properly enforce capability checks, it can enable users to create and modify header templates without appropriate permissions, exposing the site to unauthorized changes and potential exploitation.",Wordpress,Jeg Elementor Kit,5.4,MEDIUM,0.0006300000241026282,false,,false,false,false,,false,false,2022-12-22T20:27:09.193Z,0
CVE-2022-3805,https://securityvulnerability.io/vulnerability/CVE-2022-3805,Authorization Bypass in Jeg Elementor Kit Plugin for WordPress,"The Jeg Elementor Kit plugin for WordPress is susceptible to an authorization bypass issue, found in versions up to and including 2.5.6. This vulnerability allows unauthenticated users to exploit accessible nonces from plugin-edited pages to manipulate key settings. Specifically, attackers can update the MailChimp API key, global styles, 404 page settings, and enabled elements, potentially leading to unauthorized changes to the website’s functionalities.",Wordpress,Jeg Elementor Kit,8.6,HIGH,0.001449999981559813,false,,false,false,false,,false,false,2022-12-22T20:26:49.998Z,0